From 7b087336bff53280d2444678826e12101d865af9 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 16 2023 06:11:10 +0000 Subject: import scap-security-guide-0.1.66-2.el8 --- diff --git a/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch b/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch index 625ed24..4c6024e 100644 --- a/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch +++ b/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch @@ -1,4 +1,4 @@ -From 5e28d4aa823560545e6b49d58e55aecb572f6bd9 Mon Sep 17 00:00:00 2001 +From f9a787045807d22b0bca3d028f265cb6f87f681c Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 7 Feb 2023 10:53:18 +0100 Subject: [PATCH 4/5] Change custom zones check in firewalld_sshd_port_enabled diff --git a/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch b/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch index 42c969d..5e4db7f 100644 --- a/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch +++ b/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch @@ -1,4 +1,4 @@ -From 8a0670168b1b8278bb943d8f48acbd728905deb7 Mon Sep 17 00:00:00 2001 +From a8236abf709c577152cb96876fcc27c8cf173e66 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Wed, 8 Feb 2023 14:42:32 +0100 Subject: [PATCH 5/5] Accept required and requisite control flag for diff --git a/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch b/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch index 52c00b7..378e699 100644 --- a/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch +++ b/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch @@ -1,4 +1,4 @@ -From 96ef6ed5f2e74b83c366c9704b37904731e526a1 Mon Sep 17 00:00:00 2001 +From 775dec7b479f9fa900fa46d174b202efc14407fa Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Mon, 13 Feb 2023 11:14:40 +0100 Subject: [PATCH 6/6] remove rule logind_session_timeout and associated diff --git a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch index a90c93a..62167c2 100644 --- a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch +++ b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch @@ -1,4 +1,4 @@ -From 639ae28966832df2300fc486f493225e1e9aa87b Mon Sep 17 00:00:00 2001 +From b09bf3ad8acd82003f068f0d8f60a44f04092656 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 7 Feb 2023 10:53:17 +0100 Subject: [PATCH 3/5] Extends rsyslog_logfiles_attributes_modify template for diff --git a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch index 9543446..161299f 100644 --- a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch +++ b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch @@ -1,4 +1,4 @@ -From 7d188e88ef47a50714b127658b4138540af8396c Mon Sep 17 00:00:00 2001 +From be0ffb00c4911eb6b6478525e27e494809ce44ea Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 7 Feb 2023 10:53:17 +0100 Subject: [PATCH 2/5] Rsyslog files rules remediations diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec index 3d035b5..a5b2b91 100644 --- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -133,19 +133,26 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %changelog * Mon Feb 13 2023 Watson Sato - 0.1.66-2 -- Unselect rule logind_session_timeout (RHBZ#2168079) +- Unselect rule logind_session_timeout (RHBZ#2158404) * Mon Feb 06 2023 Watson Sato - 0.1.66-1 -- Rebase to a new upstream release 0.1.66 (RHBZ#2168079) -- Update RHEL8 STIG profile to V1R9 (RHBZ#2168075) -- Fix levels of CIS rules (RHBZ#2168072) -- Remove unused RHEL8 STIG control file (RHBZ#2168069) -- Fix handling of space in sudo_require_reauthentication (RHBZ#2168066) -- Add rule for audit immutable login uids (RHBZ#2168063) -- Fix remediation of audit watch rules (RHBZ#2168060) -- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2168057) -- Fix applicability of kerberos rules (RHBZ#2168054) -- Add support rainer scripts in rsyslog rules (RHBZ#2168050) +- Rebase to a new upstream release 0.1.66 (RHBZ#2158404) +- Update RHEL8 STIG profile to V1R9 (RHBZ#2152658) +- Fix levels of CIS rules (RHBZ#2162803) +- Remove unused RHEL8 STIG control file (RHBZ#2156192) +- Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547) +- Fix handling of space in sudo_require_reauthentication (RHBZ#2152208) +- Add rule for audit immutable login uids (RHBZ#2151553) +- Fix remediation of audit watch rules (RHBZ#2119356) +- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343) +- Fix applicability of kerberos rules (RHBZ#2099394) +- Add support rainer scripts in rsyslog rules (RHBZ#2072444) + +* Tue Jan 10 2023 Watson Sato - 0.1.63-5 +- Update RHEL8 STIG profile to V1R8 (RHBZ#2148446) +- Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758) +- Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474) +- Fix compatibility with Ansible 2.14 * Wed Aug 17 2022 Watson Sato - 0.1.63-4 - Fix check of enable_fips_mode on s390x (RHBZ#2070564)